LinuxQuestions.org
Old 08-11-2007, 11:47 PM   #1
PatrickNew
Senior Member
 
Registered: Jan 2006
Location: Charleston, SC, USA
Distribution: Debian, Gentoo, Ubuntu, RHEL
Posts: 1,148
Blog Entries: 1

Rep: Reputation: 48
Preventing Swap?


I have three separate but related questions. Perhaps they belong in Programming, but it is Linux- and security-specific, so I thought here would be a good place.

Is there any way for an application to request that its memory space never be sent to swap? For instance, say I write an encryption-related application that must store plaintext in memory. I wouldn't want that to get swapped, as that leaves it somewhat vulnerable. In this case I would rather the kernel rudely kill my process than swap it.

The second question is, does the kernel ever swap any part of itself? I would imagine not, but I suppose what I'm asking is, would it work as a dirty hack to simply move the code into kernel-space?

And the final question: assuming that an application can't request to be swapped, how difficult would it be to implement that into the kernel? I'm imagining that would require digging into the guts of the kernel's memory management and process management, so pretty difficult. However, I have never even touched kernel development, so could someone clue me in to exactly the level of impracticality in implementing that?
 
Old 08-12-2007, 12:59 AM   #2
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 117
I would look at the mlock() call. It does exactly what you want. Be careful not to lock too much memory, of course... I would only lock parts that MUST be secure.
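
An added example, not code from any poster in this thread: a small C sketch of the mlock() approach suggested above. It locks only the pages that hold the secret, refuses to hold plaintext if the lock fails, and wipes the buffer before release. The names `secret_buf`, `secret_alloc` and `secret_free` are hypothetical, and the plaintext is a constructed sample.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type for this example: one page-aligned, locked region. */
typedef struct { unsigned char *buf; size_t len; } secret_buf;

/* Allocate whole pages and pin them in RAM. Returns 0 on success, -1 if the
 * pages cannot be locked (for an unprivileged process, typically because
 * RLIMIT_MEMLOCK is exceeded). It fails closed: no buffer is handed out
 * unless it is locked, so plaintext never sits in swappable memory. */
int secret_alloc(secret_buf *s, size_t want)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    s->buf = NULL;
    s->len = 0;
    size_t len = (want + page - 1) / page * page;  /* mlock covers whole pages */
    unsigned char *p = aligned_alloc(page, len);
    if (p == NULL) return -1;
    if (mlock(p, len) != 0) {
        perror("mlock");
        free(p);
        return -1;
    }
    s->buf = p;
    s->len = len;
    return 0;
}

/* Wipe, unlock and release. Writing through a volatile pointer keeps the
 * compiler from optimising the wipe away. */
void secret_free(secret_buf *s)
{
    if (s->buf == NULL) return;
    volatile unsigned char *v = s->buf;
    for (size_t i = 0; i < s->len; i++) v[i] = 0;
    munlock(s->buf, s->len);
    free(s->buf);
    s->buf = NULL;
    s->len = 0;
}

int main(void)
{
    secret_buf key;
    if (secret_alloc(&key, 32) != 0) return 1;  /* refuse to run unlocked */
    strcpy((char *)key.buf, "constructed sample plaintext");
    printf("locked %zu bytes\n", key.len);
    secret_free(&key);
    return 0;
}
```

The amount an unprivileged process may lock is capped by RLIMIT_MEMLOCK (`ulimit -l`), which is why the example locks a single small region rather than the whole address space.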
 
Old 08-12-2007, 01:00 AM   #3
PatrickNew
Senior Member
 
Registered: Jan 2006
Location: Charleston, SC, USA
Distribution: Debian, Gentoo, Ubuntu, RHEL
Posts: 1,148
Blog Entries: 1

Original Poster
Rep: Reputation: 48
Thank you greatly. I *knew* I couldn't be the first to want that.
 
Old 08-12-2007, 01:03 AM   #4
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 117
Nope... it's commonly used by processes like gpg, gpg-agent, ssh-agent, and other encryption apps.
 
Old 08-12-2007, 02:01 AM   #5
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 12,096

Rep: Reputation: 978
Of course you could also just encrypt the swap space.

Always more than one answer.
 
Old 08-12-2007, 06:30 AM   #6
robertvi
LQ Newbie
 
Registered: Aug 2007
Location: United Kingdom
Distribution: Ubuntu
Posts: 3
Blog Entries: 6

Rep: Reputation: 0
A friend who's a computer security academic suggested that both (i) locking memory and (ii) encrypting swap space were problematic: (i) because any selfish program could make itself run faster by preventing itself swapping at the expense of forcing others to swap more and (ii) because you have the possibility of accidentally encrypting the swap space key and therefore losing the ability to decrypt swap. Perhaps he was being too pessimistic...
 
Old 08-12-2007, 07:22 AM   #7
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 12,096

Rep: Reputation: 978
I was about to make a few choice comments re academics, but decided to resist.
Suffice to note that he offered no solution.

Sheesh ...
 
  


All times are GMT -5.